Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date Fixed Release
CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 11, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 11, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. MEDIUM Feb 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-33120 Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. MEDIUM Feb 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-0145 Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LOW Feb 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-0127 Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. LOW Feb 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24448 An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. LOW Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. HIGH Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. HIGH Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23098 An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. MEDIUM Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23097 An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. MEDIUM Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23096 An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. MEDIUM Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0492 A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. MEDIUM Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0487 A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. LOW Feb 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24130 xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. LOW Feb 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). MEDIUM Feb 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. MEDIUM Feb 3, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0368 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 2, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 2, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 2, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. MEDIUM Jan 31, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. HIGH Jan 31, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4189 A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. LOW Jan 26, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0322 A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). LOW Jan 24, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2. MEDIUM Jan 22, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. HIGH Jan 21, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. HIGH Jan 21, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0204 A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. MEDIUM Jan 17, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0238 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) MEDIUM Jan 16, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0213 vim is vulnerable to Heap-based Buffer Overflow MEDIUM Jan 15, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. HIGH Jan 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. HIGH Jan 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22747 After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. -- Jan 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0157 phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') LOW Jan 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0197 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) MEDIUM Jan 13, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-0196 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) MEDIUM Jan 13, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-3999 A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. -- Jan 13, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4203 A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. MEDIUM Jan 12, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4202 A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. MEDIUM Jan 12, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4155 A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. -- Jan 11, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-3997 A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. -- Jan 11, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22844 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. MEDIUM Jan 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-4197 An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. HIGH Jan 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. MEDIUM Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. MEDIUM Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. MEDIUM Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22824 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. HIGH Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. HIGH Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. HIGH Jan 9, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2021-39634 In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204450605. References: Upstream kernel. HIGH Jan 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.