Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2585 entries

ID Description Priority Modified date Fixed Release
CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a malloc bomb, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. LOW Feb 16, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-23908 Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. LOW Aug 9, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. -- Jan 13, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-23455 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). -- Jan 12, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a -- argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. -- Jan 27, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-22490 Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. -- Feb 14, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-20900 A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . -- Aug 31, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-20867 A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. -- Jun 13, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-20593 An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. LOW Jul 25, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-5535 Use After Free in GitHub repository vim/vim prior to v9.0.2010. -- Oct 11, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-5441 NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. -- Oct 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-5344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. -- Oct 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4921 A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. -- Sep 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) -- Sep 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4781 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. -- Sep 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4752 Use After Free in GitHub repository vim/vim prior to 9.0.1858. -- Sep 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4751 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. -- Sep 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1857. -- Sep 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4738 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. -- Sep 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4736 Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. -- Sep 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4735 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. -- Sep 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4734 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. -- Sep 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1840. -- Sep 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4641 A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. -- Sep 1, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4623 A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. -- Sep 7, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4622 A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. -- Sep 7, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4459 A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. -- Aug 22, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4385 A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. -- Aug 16, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4208 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. -- Sep 7, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4156 A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. -- Aug 7, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4132 A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. -- Aug 3, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4128 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. -- Aug 10, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-4016 Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. -- Aug 2, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3896 Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 -- Aug 7, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3824 In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.  -- Aug 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3823 In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.  -- Aug 4, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3817 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. LOW Jul 26, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3812 An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. -- Jul 21, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3772 A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. -- Jul 25, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3618 A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. -- Jul 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3609 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. -- Jul 24, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. LOW Jul 14, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3358 A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. -- Jun 24, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3354 A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. -- Jun 29, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3341 The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. -- Sep 20, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3316 A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. -- Jun 20, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3268 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. -- Jun 17, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3247 In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. -- Jun 15, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3212 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. -- Jun 14, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3180 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. -- Aug 3, 2023 10.18.44.30 (Wind River Linux LTS 18)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.