The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-20322 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | MEDIUM | Oct 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2022-21385 | A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | -- | Sep 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | MEDIUM | May 18, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2017-7375 | A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). | HIGH | Feb 20, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2020-25705 | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version | MEDIUM | Nov 17, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2020-35493 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | MEDIUM | Jan 7, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-3564 | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | LOW | May 26, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | HIGH | Oct 8, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | MEDIUM | Feb 17, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller\'s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | MEDIUM | Sep 3, 2021 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2020-16310 | A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 13, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16299 | A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-23903 | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | MEDIUM | Nov 11, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2018-14629 | A denial of service vulnerability was discovered in Samba\'s LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | MEDIUM | Dec 16, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
| CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | MEDIUM | Dec 10, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2019-9721 | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | Medium | Mar 14, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2021-4155 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | -- | Jan 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2019-12922 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | Medium | Sep 13, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | MEDIUM | Dec 24, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | MEDIUM | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | HIGH | Dec 24, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-9366 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | HIGH | Feb 25, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2020-14393 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | LOW | Sep 20, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2022-2601 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | -- | Nov 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2019-8842 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. | LOW | Sep 15, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2020-16300 | A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2018-15688 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | HIGH | Oct 26, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2020-16308 | A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16288 | A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16305 | A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16301 | A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16292 | A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16298 | A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16309 | A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16287 | A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16302 | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16290 | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16304 | A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16296 | A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-17538 | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16297 | A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16294 | A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16291 | A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2020-16289 | A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.17.41.22 (Wind River Linux LTS 17) |
| CVE-2021-33430 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user | MEDIUM | Dec 17, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2019-8696 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. | MEDIUM | Sep 15, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
