The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-3802 | A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. | MEDIUM | Oct 27, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-42739 | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | MEDIUM | Oct 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-20322 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | MEDIUM | Oct 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3872 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Oct 23, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-42252 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | MEDIUM | Oct 12, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-20321 | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. | MEDIUM | Oct 18, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3875 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Oct 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | MEDIUM | Oct 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-41864 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | MEDIUM | Oct 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-41092 | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | MEDIUM | Oct 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-41089 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. | MEDIUM | Oct 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | MEDIUM | Sep 26, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-39537 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | MEDIUM | Sep 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-20317 | A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. | MEDIUM | Sep 26, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-41072 | squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem. | MEDIUM | Sep 14, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-34798 | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-22947 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\'s injected data comes from the TLS-protected server. | MEDIUM | Sep 14, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-22946 | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. | MEDIUM | Sep 14, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3796 | vim is vulnerable to Use After Free | MEDIUM | Sep 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Sep 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-40812 | The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. | MEDIUM | Sep 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3772 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | MEDIUM | Sep 10, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-19144 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the \'in _TIFFmemcpy\' funtion in the component \'tif_unix.c\'. | MEDIUM | Sep 10, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2020-19131 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the invertImage() function in the component tiffcrop. | MEDIUM | Sep 10, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-40491 | The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. | MEDIUM | Sep 3, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-40490 | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | MEDIUM | Sep 3, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-40330 | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | MEDIUM | Aug 31, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | MEDIUM | Sep 2, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | MEDIUM | Sep 2, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-33929 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | MEDIUM | Sep 2, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-33928 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | MEDIUM | Sep 2, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller\'s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | MEDIUM | Sep 3, 2021 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-3671 | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. | MEDIUM | Sep 3, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\'s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | MEDIUM | Aug 31, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-40145 | gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor\'s position is The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. | MEDIUM | Aug 26, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3733 | There\'s a flaw in urllib\'s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | MEDIUM | Aug 24, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\'s own d2i functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the data field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | MEDIUM | Aug 27, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-39293 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | MEDIUM | Aug 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-37750 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | MEDIUM | Aug 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3713 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | MEDIUM | Aug 21, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3653 | A flaw was found in the KVM\'s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. | MEDIUM | Aug 17, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-38199 | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | MEDIUM | Aug 8, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-38185 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. | MEDIUM | Aug 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-38115 | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | MEDIUM | Aug 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-29923 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | MEDIUM | Aug 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3682 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | MEDIUM | Aug 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-37159 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | MEDIUM | Jul 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | MEDIUM | Jul 24, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
