The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-0891 | A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact | MEDIUM | Mar 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-26490 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | MEDIUM | Mar 7, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | MEDIUM | Mar 7, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0865 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | MEDIUM | Mar 6, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-24407 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | MEDIUM | Feb 24, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0729 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | MEDIUM | Feb 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0714 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | MEDIUM | Feb 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0696 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. | MEDIUM | Feb 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-25314 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | MEDIUM | Feb 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-25313 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | MEDIUM | Feb 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-25258 | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. | MEDIUM | Feb 20, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | MEDIUM | Feb 21, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0685 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | MEDIUM | Feb 20, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0617 | A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. | MEDIUM | Feb 16, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0572 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 17, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0571 | Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | MEDIUM | Feb 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-24958 | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23098 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23097 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23096 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0562 | Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0561 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0554 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0443 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0417 | Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0408 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0392 | Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. | MEDIUM | Feb 3, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \'\\r\' and \'\\n\' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. | MEDIUM | Feb 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0368 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0361 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0359 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0351 | Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jan 31, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-44879 | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | MEDIUM | Feb 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-33120 | Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. | MEDIUM | Feb 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4160 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | MEDIUM | Feb 7, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0319 | Out-of-bounds Read in vim/vim prior to 8.2. | MEDIUM | Jan 22, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0238 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Jan 16, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0213 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Jan 15, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0204 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. | MEDIUM | Jan 17, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0197 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Jan 13, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0196 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Jan 13, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | MEDIUM | Jan 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4202 | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. | MEDIUM | Jan 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22844 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | MEDIUM | Jan 10, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22827 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | MEDIUM | Jan 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
