The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2020-27781 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even admin users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. | LOW | Dec 19, 2020 | 10.18.44.21 (Wind River Linux LTS 18) |
CVE-2020-16119 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. | MEDIUM | Jan 14, 2021 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2020-15436 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | HIGH | Nov 23, 2020 | 10.18.44.21 (Wind River Linux LTS 18) |
CVE-2023-2426 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | -- | May 1, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-0729 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | MEDIUM | Feb 25, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2022-0685 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | MEDIUM | Feb 20, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2022-0554 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2021-23134 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | MEDIUM | May 10, 2021 | 10.18.44.23 (Wind River Linux LTS 18) |
CVE-2023-1281 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.??The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \'tcf_exts_exec()\' is called with the destroyed tcf_ext.??A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. | -- | Mar 24, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2021-41043 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | MEDIUM | Jan 5, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2023-5535 | Use After Free in GitHub repository vim/vim prior to v9.0.2010. | -- | Oct 11, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | -- | Sep 5, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | -- | Sep 5, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | -- | Sep 5, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | -- | Dec 6, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | -- | Dec 2, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3352 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | -- | Sep 30, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3297 | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | -- | Sep 25, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | -- | Sep 23, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3235 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | -- | Sep 18, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3134 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | -- | Sep 9, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | -- | Sep 3, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-3037 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | -- | Sep 1, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | -- | Aug 28, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2982 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | -- | Aug 27, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2946 | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | -- | Aug 25, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | -- | Aug 19, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2862 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | -- | Aug 19, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2817 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | -- | Aug 19, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
CVE-2022-0443 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
CVE-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | HIGH | Apr 29, 2020 | 10.18.44.17 (Wind River Linux LTS 18) |
CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | MEDIUM | Sep 30, 2020 | 10.18.44.20 (Wind River Linux LTS 18) |
CVE-2019-9948 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\'local_file:///etc/passwd\') call. | Medium | Mar 25, 2019 | 10.18.44.7 (Wind River Linux LTS 18) |
CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | MEDIUM | Sep 12, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
CVE-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | MEDIUM | Oct 9, 2020 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | -- | Sep 4, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a -oProxyCommand argument. | HIGH | Nov 25, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2023-4016 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. | -- | Aug 2, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \'any\' field tag. | -- | Aug 10, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | -- | Jun 1, 2022 | 10.18.44.28 (Wind River Linux LTS 18) |
CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | -- | Jun 20, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |