The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-0554 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
CVE-2021-23134 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | MEDIUM | May 10, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2023-1281 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.??The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \'tcf_exts_exec()\' is called with the destroyed tcf_ext.??A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. | -- | Mar 24, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
CVE-2021-41043 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | MEDIUM | Jan 5, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
CVE-2023-5535 | Use After Free in GitHub repository vim/vim prior to v9.0.2010. | -- | Oct 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | -- | Dec 6, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | -- | Dec 2, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-3352 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | -- | Sep 30, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3297 | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | -- | Sep 25, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | -- | Sep 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3235 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | -- | Sep 18, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3134 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | -- | Sep 9, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3037 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | -- | Sep 1, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | -- | Aug 28, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2982 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | -- | Aug 27, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2946 | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | -- | Aug 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2862 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2817 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-0443 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | HIGH | Apr 29, 2020 | 10.19.45.8 (Wind River Linux LTS 19) |
CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn\'t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn\'t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | LOW | Oct 4, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | MEDIUM | Sep 30, 2020 | 10.19.45.13 (Wind River Linux LTS 19) |
CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | MEDIUM | Sep 12, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
CVE-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | MEDIUM | Oct 9, 2020 | 10.19.45.16 (Wind River Linux LTS 19) |
CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2023-4016 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. | -- | Aug 2, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2023-28938 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. | LOW | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \'any\' field tag. | -- | Aug 10, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | -- | Jun 1, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | -- | Jun 20, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-1771 | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | MEDIUM | May 20, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | -- | Jul 4, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | -- | Jul 4, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-0907 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | MEDIUM | Mar 11, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
CVE-2022-41804 | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | LOW | Aug 9, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |