Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 2474 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-2058 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. MEDIUM Jun 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2057 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. MEDIUM Jun 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2056 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. MEDIUM Jun 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. MEDIUM Jun 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1975 There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. -- Jun 6, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1974 A use-after-free flaw was found in the Linux kernel\'s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. -- Jun 6, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2. MEDIUM Jun 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1966 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. HIGH Jun 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can\'t be triggered, however the matroskaparse element has no size checks. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1922 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1921 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1920 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. -- Jun 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1898 Use After Free in GitHub repository vim/vim prior to 8.2. MEDIUM May 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. MEDIUM May 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1851 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. MEDIUM May 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1836 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- May 25, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1796 Use After Free in GitHub repository vim/vim prior to 8.2.4979. MEDIUM May 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1785 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. MEDIUM May 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1735 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. MEDIUM May 18, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1734 A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. MEDIUM May 18, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1733 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. MEDIUM May 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1729 A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. -- May 23, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. MEDIUM May 18, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. HIGH May 14, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. MEDIUM May 12, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1664 Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. HIGH May 26, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. HIGH May 12, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution MEDIUM May 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution MEDIUM May 10, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. MEDIUM May 8, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution MEDIUM May 8, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution MEDIUM May 8, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. MEDIUM May 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1552 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user\'s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. -- May 12, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1462 An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. LOW May 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1419 The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. MEDIUM Apr 24, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs\' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. -- Apr 24, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1353 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. LOW Apr 19, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1304 An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. MEDIUM Apr 15, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). HIGH May 3, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1271 An arbitrary file write vulnerability was found in GNU gzip\'s zgrep utility. When zgrep is applied on the attacker\'s chosen file name (for example, a crafted file name), this can overwrite an attacker\'s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. LOW Apr 12, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1205 A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. -- Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1204 A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. -- Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1199 A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. -- Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1198 A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. -- Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1195 A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. LOW Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
CVE-2022-1184 A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. -- Apr 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. HIGH Apr 4, 2022 10.17.41.26 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online