Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2474 entries
ID  Description  Priority  Modified date  Fixed Release
CVE-2022-44638 In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. -- Nov 5, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-43995 Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. -- Nov 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. LOW Oct 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug. -- Nov 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-42703 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. -- Oct 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-41850 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. -- Oct 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40768 drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. -- Sep 18, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. -- Sep 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. -- Sep 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40304 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. LOW Oct 15, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40303 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. LOW Oct 23, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39842 An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. -- Sep 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39188 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39028 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a telnet/tcp server failing (looping), service terminated error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. -- Aug 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38725 An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. -- Sep 3, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38533 In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. LOW Aug 26, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38177 By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. -- Sep 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-37460 A vulnerability (CVE-2022-37460) in the get-remote-certificate script that would allow for remote code execution given a malicious host parameter. -- Aug 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). LOW Aug 6, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. -- Jul 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. -- Jul 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-35737 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. LOW Jul 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. MEDIUM Jul 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md function. HIGH Jun 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. HIGH Jul 5, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-33099 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. MEDIUM Jul 1, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. MEDIUM Jun 23, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32981 An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. MEDIUM Jun 10, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32742 A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). -- Jul 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32296 The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056. LOW Jun 5, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32293 In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. -- Aug 3, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32292 In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. -- Aug 3, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32278 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. MEDIUM Jun 14, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-32189 A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. -- Aug 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31813 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. HIGH Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31626 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. MEDIUM Jun 10, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. MEDIUM Jun 10, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. HIGH Jun 8, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. HIGH May 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30635 Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. -- Jul 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30631 Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. -- Jun 1, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. MEDIUM May 12, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow. LOW Jun 8, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.