The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-27281 | -- | Mar 22, 2024 | 10.19.45.31 (Wind River Linux LTS 19) | |
| CVE-2023-41040 | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn\'t check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | LOW | Aug 31, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2021-3609 | .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | MEDIUM | Jun 21, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
| CVE-2020-28915 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | MEDIUM | Nov 18, 2020 | 10.19.45.15 (Wind River Linux LTS 19) |
| CVE-2023-38559 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | -- | Aug 1, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-3628 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | -- | Oct 31, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2019-18397 | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. | MEDIUM | Nov 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2021-33430 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user | MEDIUM | Dec 17, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2020-16289 | A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16291 | A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16294 | A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16297 | A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-17538 | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16296 | A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16304 | A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16290 | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16302 | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16287 | A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16309 | A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16298 | A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16292 | A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16301 | A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16305 | A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16288 | A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16308 | A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-16300 | A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | MEDIUM | Aug 14, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2019-8842 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. | LOW | Sep 15, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2022-40284 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | -- | Nov 6, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2601 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | -- | Nov 17, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2020-14393 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | LOW | Sep 20, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2020-9366 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | HIGH | Feb 25, 2020 | 10.19.45.5 (Wind River Linux LTS 19) |
| CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | -- | Jan 25, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | HIGH | Dec 24, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | MEDIUM | Mar 14, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2021-36160 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | MEDIUM | Sep 16, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
| CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-39261 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39256 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-39251 | A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39254 | A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39262 | A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39260 | A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39252 | A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-39253 | A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
