The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-27218 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | MEDIUM | Feb 16, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-27219 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | MEDIUM | Feb 16, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-43400 | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | MEDIUM | Nov 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2018-20976 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | Medium | Aug 23, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2018-13093 | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. | MEDIUM | Jul 3, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
| CVE-2018-13095 | An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. | MEDIUM | Jul 3, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
| CVE-2018-13094 | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. | MEDIUM | Jul 3, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
| CVE-2022-24448 | An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. | LOW | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2018-13097 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). | MEDIUM | Jul 3, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2018-13100 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | MEDIUM | Jul 7, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2018-13096 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. | MEDIUM | Jul 3, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2018-13098 | An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. | MEDIUM | Jul 3, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2018-13099 | An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | MEDIUM | Jul 8, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2018-6942 | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. | MEDIUM | Feb 13, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | MEDIUM | Apr 29, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2018-18607 | An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | MEDIUM | Oct 23, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2019-7150 | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. | Medium | Jan 29, 2019 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2019-12382 | An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference | Medium | Jun 9, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
| CVE-2019-17351 | An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. | Medium | Oct 11, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2022-25375 | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | LOW | Feb 20, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-25258 | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. | MEDIUM | Feb 20, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2019-15090 | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | Medium | Aug 29, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
| CVE-2017-18549 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. | Low | Aug 23, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2017-18550 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | Low | Aug 23, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2019-18683 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | MEDIUM | Nov 8, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2017-18551 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | Medium | Aug 23, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
| CVE-2020-13401 | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | HIGH | Jun 2, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2019-12614 | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). | High | Jun 13, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | HIGH | Jul 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | HIGH | Apr 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-45115 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-45116 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language\'s variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system\'s standard umask rather than 0o077. | MEDIUM | Sep 2, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | MEDIUM | Sep 2, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2020-13596 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | MEDIUM | Jun 4, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2020-13254 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | MEDIUM | Jun 4, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | MEDIUM | Mar 9, 2018 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2018-7537 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator\'s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | MEDIUM | Mar 9, 2018 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-14235 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | Medium | Aug 12, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-14232 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator\'s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | Medium | Aug 12, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-14233 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. | Medium | Aug 12, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-14234 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of OR 1=1 in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | HIGH | Aug 9, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-12781 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. | Medium | Jul 12, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-12308 | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. | Medium | Jun 12, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support saved UID functionality, the saved UID is not dropped. An attacker with command execution in the shell can use enable -f for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. | HIGH | Nov 29, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2020-12049 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\'s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | MEDIUM | Jun 8, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-14196 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | High | Aug 2, 2019 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2018-17794 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | MEDIUM | Sep 30, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
| CVE-2019-3701 | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user root with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller\'s I/O memory when processing can-gw manipulated outgoing frames. | HIGH | Jan 4, 2019 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2019-20386 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | LOW | Feb 10, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
