The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-1206 | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel???s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. | -- | Jun 26, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1175 | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | -- | Mar 4, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1170 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | -- | Mar 3, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1127 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | -- | Mar 4, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1118 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Mar 2, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-1095 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. | -- | Mar 1, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-1079 | A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. | -- | Feb 28, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-1078 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. | -- | Feb 28, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-1077 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. | -- | Feb 28, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-1074 | A memory leak flaw was found in the Linux kernel\'s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. | -- | Feb 28, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-1073 | A memory corruption flaw was found in the Linux kernel???s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Feb 28, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0804 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0803 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0802 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0801 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0800 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0799 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0798 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0797 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0796 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0795 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | -- | Feb 15, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | -- | Feb 16, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0615 | A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. | -- | Feb 3, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0590 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. | -- | Feb 1, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | -- | Feb 16, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0567 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | -- | Feb 15, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0512 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | -- | Jan 30, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0494 | A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. | -- | Feb 7, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0466 | The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. | LOW | Mar 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0465 | Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy\' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()\' function. | LOW | Mar 27, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0464 | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy\' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()\' function. | LOW | Mar 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0461 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS??or CONFIG_XFRM_ESPINTCP??has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data??of a struct inet_connection_sock. When CONFIG_TLS??is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt??TCP_ULP??operation does not require any privilege. We recommend upgrading past commit??2c02d41d71f90a5168391b6a5f2954112ba2307c | -- | Feb 28, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0459 | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 | -- | Apr 20, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0458 | A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \'rlim\' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | -- | Apr 20, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0433 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | -- | Jan 23, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0394 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | -- | Jan 27, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | -- | Feb 11, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0330 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | -- | Jan 18, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0288 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | -- | Jan 13, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0286 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | LOW | Feb 9, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0266 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.??SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit??56b88b50565cd8b946a2d00b0c83927b7ebb055e | -- | Jan 14, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0240 | There is a logic error in io_uring\'s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | -- | Jan 30, 2023 | 10.18.44.1 (Wind River Linux LTS 18) |
| CVE-2023-0215 | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. | LOW | Feb 9, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0054 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0051 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0049 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | -- | Jan 4, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0047 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none. | -- | Jan 5, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set ??function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. ??The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit??a664ec9158eeddd75121d39c9a0758016097fa96 | -- | Feb 5, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2023-0030 | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Jan 3, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
