The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-39633 | In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel | LOW | Jan 7, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-46143 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | MEDIUM | Jan 6, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-28715 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) | LOW | Jan 6, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-28714 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) | LOW | Jan 6, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45452 | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45116 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45115 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-41043 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45960 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | MEDIUM | Jan 3, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45949 | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | LOW | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45944 | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | LOW | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4193 | vim is vulnerable to Out-of-bounds Read | MEDIUM | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4192 | vim is vulnerable to Use After Free | MEDIUM | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45486 | In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | LOW | Dec 25, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45485 | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | MEDIUM | Dec 25, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | HIGH | Dec 24, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | MEDIUM | Dec 24, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4157 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | HIGH | Dec 24, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | MEDIUM | Dec 23, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4149 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | LOW | Dec 23, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | MEDIUM | Dec 21, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | MEDIUM | Dec 21, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-31566 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | LOW | Dec 20, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-23177 | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | LOW | Dec 20, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-41496 | Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally) | MEDIUM | Dec 18, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-41495 | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place | MEDIUM | Dec 18, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-33430 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In (very limited) circumstances a user may be able to provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user | MEDIUM | Dec 17, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-44733 | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. | MEDIUM | Dec 17, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-39685 | In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel | HIGH | Dec 17, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45095 | pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | LOW | Dec 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45088 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | MEDIUM | Dec 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-43818 | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | MEDIUM | Dec 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | MEDIUM | Dec 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-45078 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | MEDIUM | Dec 15, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4011 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 15, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4010 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 15, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4009 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 15, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4008 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 15, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-44716 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | MEDIUM | Dec 10, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-39657 | In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194696049. References: Upstream kernel | LOW | Dec 9, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-39648 | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-160822094. References: Upstream kernel | LOW | Dec 9, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4069 | vim is vulnerable to Use After Free | MEDIUM | Dec 9, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2018-25020 | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | MEDIUM | Dec 8, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4019 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Dec 4, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-3984 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Dec 3, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2019-8922 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | MEDIUM | Dec 3, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2019-8921 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. | LOW | Dec 3, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | HIGH | Dec 2, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | LOW | Nov 26, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | -- | Nov 23, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |