Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2425 entries
ID Description Priority Modified date Fixed Release
CVE-2020-22049 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22044 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22039 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. MEDIUM Jun 1, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22051 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22038 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. MEDIUM Jun 1, 2021 10.19.45.19 (Wind River Linux LTS 19)
CVE-2020-22048 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22056 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22054 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22041 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. MEDIUM Jun 1, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22046 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. MEDIUM Jun 2, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2020-22043 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. MEDIUM Jun 1, 2021 10.19.45.18 (Wind River Linux LTS 19)
CVE-2023-28320 A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. LOW May 18, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2024-0639 A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. -- Jan 17, 2024 10.19.45.29 (Wind River Linux LTS 19)
CVE-2020-29651 A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. MEDIUM Dec 10, 2020 10.19.45.16 (Wind River Linux LTS 19)
CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. -- Apr 25, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-1382 A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. -- Mar 15, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2021-4155 A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. -- Jan 11, 2022 10.19.45.22 (Wind River Linux LTS 19)
CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). MEDIUM Dec 24, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2019-13103 A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. MEDIUM Jul 29, 2019 10.19.45.1 (Wind River Linux LTS 19)
CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. MEDIUM Sep 16, 2021 10.19.45.20 (Wind River Linux LTS 19)
CVE-2021-39257 A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39255 A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39259 A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39263 A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39258 A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2022-30784 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. MEDIUM May 26, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2021-39253 A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39252 A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39260 A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39262 A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39254 A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39251 A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2022-30786 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. MEDIUM May 26, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2022-30788 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. MEDIUM May 26, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2021-39256 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2021-39261 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. MEDIUM Aug 31, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2022-30789 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. MEDIUM May 26, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. MEDIUM Aug 13, 2021 10.19.45.19 (Wind River Linux LTS 19)
CVE-2021-3697 A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. MEDIUM Jun 9, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2021-3695 A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12. MEDIUM Jun 9, 2022 10.19.45.24 (Wind River Linux LTS 19)
CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). MEDIUM Sep 16, 2021 10.19.45.20 (Wind River Linux LTS 19)
CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. MEDIUM Mar 14, 2022 10.19.45.23 (Wind River Linux LTS 19)
CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. HIGH Dec 24, 2021 10.19.45.21 (Wind River Linux LTS 19)
CVE-2006-20001 A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. -- Jan 25, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2020-9366 A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. HIGH Feb 25, 2020 10.19.45.5 (Wind River Linux LTS 19)
CVE-2020-14393 A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. LOW Sep 20, 2020 10.19.45.12 (Wind River Linux LTS 19)
CVE-2022-2601 A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph; this further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. -- Nov 17, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-40284 A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. -- Nov 6, 2022 10.19.45.26 (Wind River Linux LTS 19)
CVE-2019-8842 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. LOW Sep 15, 2020 10.19.45.12 (Wind River Linux LTS 19)
CVE-2020-16300 A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. MEDIUM Aug 14, 2020 10.19.45.11 (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.