Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 2474 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug. -- Nov 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3775 When rendering certain unicode sequences, grub2\'s font code doesn\'t proper validate if the informed glyph\'s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\'s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. -- Nov 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2601 A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. -- Nov 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-44638 In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. -- Nov 5, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-43995 Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. -- Nov 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2021-46848 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. -- Oct 24, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3646 A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. -- Oct 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3635 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. -- Oct 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3629 A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. -- Oct 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3621 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. -- Oct 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3594 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. -- Oct 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. -- Oct 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write. -- Oct 20, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3553 A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. -- Oct 19, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3551 A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. -- Oct 19, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3550 A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. -- Oct 19, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3524 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. -- Oct 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-42703 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. -- Oct 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-41850 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. -- Oct 4, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\'s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2929 In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2928 In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\'s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. -- Oct 7, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38177 By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. -- Sep 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\'t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. -- Sep 22, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3256 Use After Free in GitHub repository vim/vim prior to 9.0.0530. -- Sep 23, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3239 A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. -- Sep 21, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2795 By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\'s performance, effectively denying legitimate clients access to the DNS resolution service. -- Sep 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2021-3782 An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. -- Sep 23, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40768 drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. -- Sep 18, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. -- Sep 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. -- Sep 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3202 A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. -- Sep 16, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2977 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. -- Sep 17, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. -- Sep 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39842 An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. -- Sep 9, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39188 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-39028 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a telnet/tcp server failing (looping), service terminated error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. -- Aug 30, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38725 An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. -- Sep 3, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-38126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-21385 A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) -- Sep 1, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3061 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn\'t check the value of \'pixclock\', so it may cause a divide by zero error. -- Sep 1, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-3028 A race condition was found in the Linux kernel\'s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. -- Sep 3, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. -- Sep 2, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2020-35536 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Aug 31, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2020-27784 A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). -- Sep 1, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2991 A heap-based buffer overflow was found in the Linux kernel\'s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. -- Aug 25, 2022 10.17.41.27 (Wind River Linux LTS 17)
CVE-2022-2980 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. -- Aug 27, 2022 10.17.41.27 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online