The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-1205 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1204 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1198 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1016 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \'return\' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | -- | Mar 30, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0934 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | -- | Apr 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | -- | Apr 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-0850 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | -- | Mar 6, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0812 | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | -- | Mar 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-0644 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Feb 18, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | -- | Jan 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4155 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | -- | Jan 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3999 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | -- | Jan 13, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | -- | Jan 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | -- | Nov 23, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-34981 | kernel: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability | -- | Nov 3, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Oct 25, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3521 | There is a flaw in RPM\'s signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. | -- | Oct 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3764 | A memory leak flaw was found in the Linux kernel\'s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | -- | Sep 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3669 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | -- | Aug 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jun 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2019-15167 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | -- | Mar 13, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2018-1000845 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Dec 20, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
| CVE-2018-4700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Dec 31, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
