The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | MEDIUM | Jul 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2309 | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\'t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | MEDIUM | Jul 5, 2022 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\'t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | MEDIUM | Jul 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\'s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | MEDIUM | Jul 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2058 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2057 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2056 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-33070 | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 26, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | MEDIUM | Jun 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | MEDIUM | Jun 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-32981 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | MEDIUM | Jun 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28615 | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28614 | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the \'ap_rputs\' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-26377 | Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2000 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-3696 | A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it\'s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1897 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | MEDIUM | May 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1785 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | MEDIUM | May 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1735 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | MEDIUM | May 18, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | MEDIUM | May 18, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1733 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | MEDIUM | May 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | MEDIUM | May 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-29162 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container\'s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | MEDIUM | May 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-27782 | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | MEDIUM | May 12, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-27781 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\'s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. | MEDIUM | May 12, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1674 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | May 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1621 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
