The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-39028 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a telnet/tcp server failing (looping), service terminated error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | -- | Aug 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2953 | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | -- | Aug 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2964 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | -- | Aug 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2980 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | -- | Aug 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | LOW | Aug 26, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2991 | A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. | -- | Aug 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | LOW | Aug 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2978 | A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Aug 24, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2923 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | -- | Aug 24, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | -- | Aug 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2526 | A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | -- | Aug 22, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2020-27792 | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | -- | Aug 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-37460 | A vulnerability (CVE-2022-37460) in the get-remote-certificate script that would allow for remote code execution given a malicious host parameter. | -- | Aug 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-21233 | Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | LOW | Aug 11, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2588 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | -- | Aug 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | LOW | Aug 6, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2598 | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | -- | Aug 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-20369 | In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223375145. References: Upstream kernel. | -- | Aug 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-20368 | Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel. | -- | Aug 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | -- | Aug 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | -- | Aug 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | -- | Aug 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-29154 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | -- | Aug 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24810 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24809 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24808 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24807 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24806 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-24805 | net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | -- | Jul 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-36946 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | -- | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32742 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | -- | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2016-3709 | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | LOW | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-36879 | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | -- | Jul 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-35737 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | LOW | Jul 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2021-33655 | When sending malicious data to the kernel via the ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. | -- | Jul 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2020-36558 | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | -- | Jul 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2020-36557 | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | -- | Jul 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2021-46828 | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | -- | Jul 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2021-33656 | When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds. | -- | Jul 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2380 | The Linux kernel was found vulnerable to out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. | -- | Jul 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2320 | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. | -- | Jul 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2319 | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | -- | Jul 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | MEDIUM | Jul 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2318 | There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges. | MEDIUM | Jul 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | HIGH | Jul 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2309 | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | MEDIUM | Jul 5, 2022 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | -- | Jul 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | -- | Jul 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |