The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
CVE-2019-18807 | Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. | MEDIUM | Nov 8, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-19063 | Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. | HIGH | Nov 27, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-19057 | Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. | HIGH | Nov 27, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-11135 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | LOW | Nov 14, 2019 | 10.19.45.14 (Wind River Linux LTS 19) |
CVE-2023-46838 | Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. | -- | Jan 24, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
CVE-2020-35964 | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | MEDIUM | Jan 3, 2021 | 10.19.45.15 (Wind River Linux LTS 19) |
CVE-2019-15691 | TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15695 | TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15692 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-15693 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15694 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-17546 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a Negative-size-param condition. | MEDIUM | Oct 20, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2023-38546 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers. In its API, an application creates easy handles that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle, called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. | LOW | Oct 18, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
CVE-2023-46218 | This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | LOW | Dec 7, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
CVE-2020-14309 | There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. | MEDIUM | Jul 31, 2020 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2022-28736 | There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved. | -- | Jun 9, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-28737 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution is not ruled out in such a scenario. | -- | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2023-33460 | There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash. | -- | Jun 6, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | MEDIUM | Aug 24, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
CVE-2020-27845 | There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | MEDIUM | Jan 7, 2021 | 10.19.45.15 (Wind River Linux LTS 19) |
CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | LOW | Mar 11, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | MEDIUM | Jan 7, 2021 | 10.19.45.15 (Wind River Linux LTS 19) |
CVE-2020-27841 | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. | MEDIUM | Jan 7, 2021 | 10.19.45.15 (Wind River Linux LTS 19) |
CVE-2021-3520 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | HIGH | Apr 30, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | MEDIUM | Apr 29, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | MEDIUM | Apr 29, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2020-35494 | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | MEDIUM | Jan 7, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2020-35495 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | MEDIUM | Jan 7, 2021 | 10.19.45.16 (Wind River Linux LTS 19) |
CVE-2019-1551 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). | MEDIUM | Dec 6, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | LOW | Feb 23, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2020-14311 | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. | LOW | Aug 1, 2020 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2020-14310 | There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | LOW | Aug 1, 2020 | 10.19.45.17 (Wind River Linux LTS 19) |
CVE-2019-14902 | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | MEDIUM | Feb 2, 2020 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2022-42895 | There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e | -- | Nov 7, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2018-19755 | There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. | MEDIUM | Nov 29, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2022-27448 | There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2023-0461 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c | -- | Feb 28, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2020-8649 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | LOW | Feb 6, 2020 | 10.19.45.7 (Wind River Linux LTS 19) |
CVE-2020-8647 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | LOW | Feb 6, 2020 | 10.19.45.7 (Wind River Linux LTS 19) |
CVE-2020-8648 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | LOW | Feb 6, 2020 | 10.19.45.7 (Wind River Linux LTS 19) |
CVE-2019-19344 | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | MEDIUM | Feb 2, 2020 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2020-10690 | There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | MEDIUM | May 8, 2020 | 10.19.45.8 (Wind River Linux LTS 19) |
CVE-2023-0286 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | LOW | Feb 9, 2023 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-48174 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2022-1975 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | -- | Jun 6, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2023-0240 | There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | -- | Jan 30, 2023 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-19758 | There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | MEDIUM | Nov 29, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2021-33657 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. | MEDIUM | Apr 2, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | HIGH | Apr 29, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |