The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-2058 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2057 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2056 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-2000 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1975 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | -- | Jun 6, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1974 | A use-after-free flaw was found in the Linux kernel\'s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. | -- | Jun 6, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1966 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | HIGH | Jun 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1925 | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can\'t be triggered, however the matroskaparse element has no size checks. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1924 | DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1923 | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1922 | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1921 | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1920 | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | -- | Jun 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1897 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1836 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | May 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1785 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | MEDIUM | May 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1735 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | MEDIUM | May 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | MEDIUM | May 18, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1733 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | MEDIUM | May 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1729 | A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | -- | May 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | MEDIUM | May 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1679 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | HIGH | May 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1674 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | May 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | HIGH | May 26, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1652 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | HIGH | May 12, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1621 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1620 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | May 8, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1619 | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1586 | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. | MEDIUM | May 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1552 | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user\'s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | -- | May 12, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1462 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | LOW | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1419 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | MEDIUM | Apr 24, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1355 | A stack buffer overflow flaw was found in Libtiffs\' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | -- | Apr 24, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1353 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | LOW | Apr 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1304 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | MEDIUM | Apr 15, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1292 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | HIGH | May 3, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1271 | An arbitrary file write vulnerability was found in GNU gzip\'s zgrep utility. When zgrep is applied on the attacker\'s chosen file name (for example, a crafted file name), this can overwrite an attacker\'s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | LOW | Apr 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1205 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1204 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1198 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1195 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | LOW | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | -- | Apr 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |