The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-41409 | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. | -- | Jul 18, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-38473 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38472 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38471 | A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38470 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38469 | A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-3812 | An out-of-bounds memory access flaw was found in the Linux kernel???s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Jul 21, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3776 | A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. | -- | Jul 24, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3609 | A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. | -- | Jul 24, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes e-Tugra root certificates. e-Tugra\'s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. | -- | Jul 25, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-3863 | A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. | -- | Jul 25, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-3772 | A flaw was found in the Linux kernel???s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | -- | Jul 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-37732 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | -- | Jul 26, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-3817 | Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | LOW | Jul 26, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-29409 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | -- | Jul 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-34872 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | -- | Jul 31, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-38559 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | -- | Aug 1, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-4016 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. | -- | Aug 2, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4132 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | -- | Aug 3, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | -- | Aug 3, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4134 | kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work() | -- | Aug 4, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. | -- | Aug 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. | -- | Aug 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4194 | A flaw was found in the Linux kernel\'s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open(): correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | -- | Aug 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4156 | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | -- | Aug 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3896 | Divide By Zero in vim/vim from??9.0.1367-1 to??9.0.1367-3 | -- | Aug 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39976 | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | -- | Aug 8, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-34319 | The fix for XSA-423 added logic to Linux\'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn\'t account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that\'s specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. | -- | Aug 9, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-23908 | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | LOW | Aug 9, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-41804 | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | LOW | Aug 9, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | -- | Aug 10, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-4128 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | -- | Aug 10, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-28938 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. | LOW | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-28736 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | LOW | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2021-28429 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | -- | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2021-3236 | vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. | -- | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-36138 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | -- | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-40359 | xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature. | -- | Aug 14, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-40303 | GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-40283 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-36024 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-36023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4385 | A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. | -- | Aug 16, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-40982 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Aug 16, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4387 | A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware\'s vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. | -- | Aug 17, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-4459 | A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
