The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. | MEDIUM | Jul 22, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-22924 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. | MEDIUM | Jul 22, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3640 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioctl UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | MEDIUM | Jul 23, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2021-3246 | A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | MEDIUM | Jul 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a StartTLS stripping attack. | MEDIUM | Jul 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | MEDIUM | Jul 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-22555 | A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | MEDIUM | Jul 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-35942 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | MEDIUM | Jul 1, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-21705 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. | MEDIUM | Jul 2, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-32078 | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. | MEDIUM | Jun 17, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3609 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | MEDIUM | Jun 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3580 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | MEDIUM | Jun 10, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3573 | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioctl HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. | MEDIUM | Jun 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-0605 | In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-110373476 | MEDIUM | Jun 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-0512 | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173843328. References: Upstream kernel | MEDIUM | Jun 8, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-36386 | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | MEDIUM | Jun 14, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-36385 | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | MEDIUM | Jun 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-24489 | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | MEDIUM | Jun 10, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2019-25045 | An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | MEDIUM | Jun 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-26690 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | MEDIUM | Jun 4, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3522 | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | MEDIUM | Jun 2, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-35452 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | MEDIUM | Jun 4, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-17541 | Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | MEDIUM | Jun 1, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-33560 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | MEDIUM | May 28, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | MEDIUM | May 26, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | MEDIUM | May 27, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. | MEDIUM | May 28, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-26555 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | MEDIUM | May 28, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-33477 | rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. | MEDIUM | May 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-33196 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | MEDIUM | May 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | MEDIUM | May 18, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-36332 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | MEDIUM | May 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-36331 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | MEDIUM | May 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-36330 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | MEDIUM | May 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2018-25013 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | MEDIUM | May 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2018-25012 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | MEDIUM | May 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2018-25010 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | MEDIUM | May 21, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2018-25009 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | MEDIUM | May 21, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-32399 | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | MEDIUM | May 14, 2021 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | MEDIUM | May 14, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-3524 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | MEDIUM | May 12, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-26139 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. | MEDIUM | May 11, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-24586 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. | MEDIUM | May 11, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2021-32052 | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. | MEDIUM | May 6, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-31916 | An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | MEDIUM | May 6, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-31542 | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | MEDIUM | May 6, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-23134 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | MEDIUM | May 10, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | MEDIUM | May 10, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-25215 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | MEDIUM | Apr 29, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-25214 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | MEDIUM | Apr 29, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |