Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2474 entries
ID Description Priority Modified date Fixed Release
CVE-2018-19970 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. MEDIUM Dec 13, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-18397 The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. LOW Dec 12, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19931 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. MEDIUM Dec 11, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19932 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. MEDIUM Dec 11, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-18311 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. HIGH Dec 10, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-18314 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. HIGH Dec 10, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-20002 The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. MEDIUM Dec 10, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-18313 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. MEDIUM Dec 8, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19824 In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. MEDIUM Dec 7, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-16868 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. LOW Dec 6, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19665 The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. LOW Dec 6, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-16869 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. LOW Dec 6, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19591 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. MEDIUM Dec 5, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19854 An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). LOW Dec 4, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-16841 Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. MEDIUM Nov 29, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-16853 Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. MEDIUM Nov 29, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19755 There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. MEDIUM Nov 29, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19758 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. MEDIUM Nov 29, 2018 10.17.41.15 (Wind River Linux LTS 17)
CVE-2018-19664 libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. MEDIUM Nov 29, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. HIGH Nov 25, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19518 University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a -oProxyCommand argument. HIGH Nov 25, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19519 In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. MEDIUM Nov 25, 2018 10.17.41.19 (Wind River Linux LTS 17)
CVE-2018-19364 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. LOW Nov 25, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19489 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. LOW Nov 25, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-16862 A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. LOW Nov 25, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19432 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. MEDIUM Nov 24, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. MEDIUM Nov 23, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19476 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. MEDIUM Nov 23, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19477 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. MEDIUM Nov 23, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19486 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. HIGH Nov 23, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19407 The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. MEDIUM Nov 23, 2018 10.17.41.14 (Wind River Linux LTS 17)
CVE-2018-19210 In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. MEDIUM Nov 12, 2018 10.17.41.20 (Wind River Linux LTS 17)
CVE-2018-19211 In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a dubious character `*' in name or alias field detection. MEDIUM Nov 12, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19214 Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. MEDIUM Nov 12, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19215 Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. MEDIUM Nov 12, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19216 Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. MEDIUM Nov 12, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. HIGH Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-16396 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. MEDIUM Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-18849 In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. LOW Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-18954 The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. LOW Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-5407 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. LOW Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-9517 In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. HIGH Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-9518 In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945. HIGH Nov 11, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-16847 An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. MEDIUM Nov 9, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-19052 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. MEDIUM Nov 7, 2018 10.17.41.15 (Wind River Linux LTS 17)
CVE-2018-9516 In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. HIGH Nov 7, 2018 10.17.41.17 (Wind River Linux LTS 17)
CVE-2018-14651 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. MEDIUM Nov 6, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-14653 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. MEDIUM Nov 6, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-14654 The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. HIGH Nov 6, 2018 10.17.41.13 (Wind River Linux LTS 17)
CVE-2018-14659 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. MEDIUM Nov 6, 2018 10.17.41.13 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.