The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2016-10095 | Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | MEDIUM | Mar 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2016-9844 | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. | LOW | Jan 20, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2016-9578 | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. | MEDIUM | Jul 28, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
CVE-2016-9577 | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | MEDIUM | Jul 28, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
CVE-2016-6906 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. | MEDIUM | Mar 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2016-6321 | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | MEDIUM | Dec 9, 2016 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2016-6252 | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | MEDIUM | Feb 22, 2017 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2016-4491 | The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having itself as ancestor more than once. | MEDIUM | Feb 24, 2017 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2016-3709 | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | LOW | Jul 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2016-1517 | OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. | MEDIUM | Apr 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2016-1516 | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | MEDIUM | Apr 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9. | HIGH | Apr 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2015-9262 | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | HIGH | Aug 7, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2015-9253 | An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | MEDIUM | Feb 19, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2015-8985 | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | MEDIUM | Mar 23, 2017 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2015-4646 | (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | Apr 13, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2015-4645 | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | MEDIUM | Mar 21, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
CVE-2014-10402 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | LOW | Sep 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2014-9913 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | LOW | Jan 20, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2013-7488 | perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | MEDIUM | Apr 9, 2020 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2013-7459 | Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | HIGH | Feb 23, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2010-2496 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | LOW | Oct 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2009-5155 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | MEDIUM | Mar 25, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2004-2779 | id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). | MEDIUM | Feb 20, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |