Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 2474 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\'t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\'s buffer functions, for example libxslt through 1.1.35, is affected as well. MEDIUM May 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-29458 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. MEDIUM Apr 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-29162 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container\'s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. MEDIUM May 13, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-29155 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. HIGH May 5, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-29154 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). -- Aug 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28739 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. MEDIUM Apr 13, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28737 There\'s a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. -- Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28735 The GRUB2\'s shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. -- Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28734 Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It\'s conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2\'s internal memory metadata. -- Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28733 Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. -- Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28615 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the \'ap_rputs\' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28390 ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. MEDIUM Apr 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28389 mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. MEDIUM Apr 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28388 usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. MEDIUM Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. MEDIUM Apr 3, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. HIGH Apr 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. MEDIUM Apr 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\'t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. -- Sep 22, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28131 Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. -- Jul 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. MEDIUM May 12, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\'s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. MEDIUM May 12, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27776 A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. MEDIUM Apr 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. MEDIUM Apr 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27774 An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. LOW Apr 28, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-27666 A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. MEDIUM Mar 25, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-27406 FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. MEDIUM Apr 22, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-27405 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. MEDIUM Apr 22, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-27404 FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. HIGH Apr 22, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-27223 In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. MEDIUM Mar 16, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. LOW Mar 14, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. HIGH May 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-26490 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. MEDIUM Mar 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-26377 Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. MEDIUM Mar 15, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25375 An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. LOW Feb 20, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. HIGH Feb 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. MEDIUM Feb 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. MEDIUM Feb 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25258 An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. MEDIUM Feb 20, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. HIGH Feb 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. HIGH Feb 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24958 drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. MEDIUM Feb 11, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. MEDIUM Mar 7, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24903 Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. MEDIUM May 6, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. -- Jul 29, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. -- Jul 29, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference -- Jul 29, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. -- Jul 29, 2022 10.17.41.27 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online