The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-48468 | protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. | -- | Apr 13, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-48303 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | -- | Jan 30, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-48281 | processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. | -- | Jan 30, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-48174 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | -- | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47952 | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. | -- | Jan 2, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47929 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. | -- | Jan 26, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-47696 | An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | LOW | Aug 22, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-47695 | An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47629 | Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | -- | Dec 24, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-47024 | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 that allows attackers to cause denial of service or other unspecified impacts. | -- | Jan 27, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-47022 | An issue was discovered in open-mpi hwloc 2.1.0 that allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. | -- | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47011 | An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47010 | An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47008 | An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-47007 | An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-46344 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46343 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46342 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46341 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46340 | A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | -- | Dec 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | -- | Jan 18, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | -- | Nov 27, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-45919 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event. | -- | Nov 27, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45887 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45886 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45884 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | -- | Nov 25, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding != 0 comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | -- | Mar 7, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | LOW | Nov 9, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44940 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. | -- | Dec 20, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44793 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | -- | Nov 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44792 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | -- | Nov 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | -- | Dec 25, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | -- | Nov 5, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-44617 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | -- | Jan 18, 2023 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-44370 | NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 | -- | Mar 30, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | -- | Nov 4, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-43750 | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. | -- | Oct 28, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-43680 | In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | LOW | Oct 28, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-43552 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | LOW | Dec 22, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug. | -- | Nov 16, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-42896 | There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 | -- | Nov 7, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-42895 | There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e | -- | Nov 7, 2022 | 10.18.44.30 (Wind River Linux LTS 18) |
CVE-2022-42703 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | -- | Oct 9, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | -- | Oct 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | -- | Oct 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | -- | Oct 8, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |
CVE-2022-41974 | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | -- | Oct 30, 2022 | 10.18.44.29 (Wind River Linux LTS 18) |