The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | -- | Nov 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | -- | Nov 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-43680 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | LOW | Oct 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug. | -- | Nov 16, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-42703 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | -- | Oct 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-41850 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | -- | Oct 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-40768 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | -- | Sep 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | -- | Sep 16, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-40307 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | -- | Sep 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | LOW | Oct 15, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | LOW | Oct 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-39842 | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. | -- | Sep 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-39188 | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-39028 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a telnet/tcp server failing (looping), service terminated error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | -- | Aug 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-38725 | An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | -- | Sep 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | LOW | Aug 26, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-38177 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | -- | Sep 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-38126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-37460 | a vulnerability (CVE-2022-37460) in the get-remote-certificate script that would allow for remote code execution given malicious host parameter | -- | Aug 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | LOW | Aug 6, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-36946 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | -- | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-36879 | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | -- | Jul 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-35737 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | LOW | Jul 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\'s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-34835 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md function. | HIGH | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | HIGH | Jul 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | MEDIUM | Jul 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-33070 | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32981 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32742 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | -- | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32296 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056. | LOW | Jun 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | -- | Aug 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | -- | Aug 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | MEDIUM | Jun 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | -- | Aug 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-31813 | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | HIGH | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\'s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | -- | Oct 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-31628 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. | -- | Oct 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30790 | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | HIGH | Jun 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30767 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | HIGH | May 16, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | -- | Jul 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | -- | Jun 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | MEDIUM | May 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30552 | Das U-Boot 2022.01 has a Buffer Overflow. | LOW | Jun 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |