The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-1118 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Mar 2, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1637 | A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. | -- | Mar 28, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2019-3846 | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | High | Jun 9, 2019 | 10.18.44.9 (Wind River Linux LTS 18) |
| CVE-2020-35508 | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. | MEDIUM | Feb 24, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
| CVE-2022-0617 | A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. | MEDIUM | Feb 16, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
| CVE-2020-14356 | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | HIGH | Aug 21, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-25704 | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. | MEDIUM | Nov 12, 2020 | 10.18.44.20 (Wind River Linux LTS 18) |
| CVE-2022-4662 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | -- | Dec 23, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2021-20322 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | MEDIUM | Oct 20, 2021 | 10.18.44.25 (Wind River Linux LTS 18) |
| CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | MEDIUM | May 18, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
| CVE-2020-25705 | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version | MEDIUM | Nov 17, 2020 | 10.18.44.21 (Wind River Linux LTS 18) |
| CVE-2020-35493 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | MEDIUM | Jan 7, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
| CVE-2021-3564 | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | LOW | May 26, 2021 | 10.18.44.23 (Wind River Linux LTS 18) |
| CVE-2018-5744 | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. | MEDIUM | Oct 9, 2019 | 10.18.44.12 (Wind River Linux LTS 18) |
| CVE-2022-4744 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Mar 27, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | HIGH | Oct 8, 2020 | 10.18.44.20 (Wind River Linux LTS 18) |
| CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | MEDIUM | Feb 17, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
| CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller\'s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | MEDIUM | Sep 3, 2021 | 10.18.44.28 (Wind River Linux LTS 18) |
| CVE-2020-16310 | A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 13, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16299 | A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-23903 | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | MEDIUM | Nov 11, 2021 | 10.18.44.25 (Wind River Linux LTS 18) |
| CVE-2020-21710 | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | -- | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2018-14629 | A denial of service vulnerability was discovered in Samba\'s LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | MEDIUM | Dec 16, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
| CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | MEDIUM | Dec 10, 2020 | 10.18.44.22 (Wind River Linux LTS 18) |
| CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | -- | Apr 25, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2019-9721 | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | Medium | Mar 14, 2019 | 10.18.44.6 (Wind River Linux LTS 18) |
| CVE-2023-1382 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | -- | Mar 15, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2021-4155 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | -- | Jan 11, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
| CVE-2019-12922 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | Medium | Sep 13, 2019 | 10.18.44.11 (Wind River Linux LTS 18) |
| CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | MEDIUM | Dec 24, 2021 | 10.18.44.25 (Wind River Linux LTS 18) |
| CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 | 10.18.44.24 (Wind River Linux LTS 18) |
| CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 | 10.18.44.24 (Wind River Linux LTS 18) |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.18.44.27 (Wind River Linux LTS 18) |
| CVE-2021-36160 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | MEDIUM | Sep 16, 2021 | 10.18.44.24 (Wind River Linux LTS 18) |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | MEDIUM | Mar 14, 2022 | 10.18.44.26 (Wind River Linux LTS 18) |
| CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | HIGH | Dec 24, 2021 | 10.18.44.25 (Wind River Linux LTS 18) |
| CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | -- | Jan 25, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2018-12404 | A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. | MEDIUM | Dec 31, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
| CVE-2020-9366 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | HIGH | Feb 25, 2020 | 10.18.44.15 (Wind River Linux LTS 18) |
| CVE-2020-14393 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | LOW | Sep 20, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2022-2601 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | -- | Nov 17, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2019-8842 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. | LOW | Sep 15, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16300 | A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2018-15688 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | HIGH | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
| CVE-2020-16308 | A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16288 | A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16305 | A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16301 | A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
| CVE-2020-16292 | A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.18.44.19 (Wind River Linux LTS 18) |
