The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-44617 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | -- | Jan 18, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-4883 | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | -- | Jan 18, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-0266 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e | -- | Jan 14, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-23559 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | -- | Jan 13, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-0288 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | -- | Jan 13, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-23455 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | -- | Jan 12, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4743 | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. | -- | Jan 12, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-31631 | PDO::quote() may return unquoted string | -- | Jan 7, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-0047 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none. | -- | Jan 5, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2023-0054 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-0051 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-0049 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2023-0030 | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Jan 3, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47952 | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. | -- | Jan 2, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | -- | Dec 25, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-47629 | Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | -- | Dec 24, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4662 | An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. | -- | Dec 23, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-43552 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | LOW | Dec 22, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44940 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. | -- | Dec 20, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4603 | A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. | -- | Dec 18, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46344 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46343 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46342 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46341 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46340 | A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3111 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3108 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4378 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Dec 10, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-41861 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. | -- | Dec 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-41860 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. | -- | Dec 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-20566 | In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-165329981. References: Upstream kernel | -- | Dec 7, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-20565 | HID: core: Correctly handle ReportSize being zero | -- | Dec 7, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | -- | Dec 7, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4293 | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | -- | Dec 6, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | -- | Dec 6, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3491 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | -- | Dec 3, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | -- | Dec 2, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-3520 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | -- | Dec 2, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | -- | Nov 27, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-45919 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event. | -- | Nov 27, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45887 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45886 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45884 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-4141 | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | -- | Nov 25, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-36227 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution. | LOW | Nov 24, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4129 | A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | -- | Nov 24, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | -- | Nov 23, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-4095 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | -- | Nov 23, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2009-1143 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | -- | Nov 23, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |