The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48174 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48065 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-48063 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47696 | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | LOW | Aug 22, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-47695 | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | LOW | Aug 22, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-47673 | An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47022 | An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47011 | An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47010 | An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47008 | An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-47007 | An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-45703 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-44840 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2022-40090 | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2021-46174 | Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-35342 | GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | LOW | Aug 22, 2023 | 10.19.45.17 (Wind River Linux LTS 19) |
| CVE-2020-27418 | A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-22219 | Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-22217 | Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-21890 | Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-21710 | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | -- | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-21528 | A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. | -- | Aug 22, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2020-21490 | An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-21469 | An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account). | -- | Aug 22, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2020-21047 | The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | -- | Aug 22, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2020-19724 | A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. | LOW | Aug 22, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-41175 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | -- | Aug 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | -- | Aug 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-39615 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\'s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | -- | Aug 29, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-41040 | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn\'t check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | LOW | Aug 31, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | -- | Aug 31, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4641 | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. | -- | Sep 1, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39319 | The html/template package does not apply the proper rules for handling occurrences of <script, <!--, and </script within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like comment tokens, nor hashbang #! comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4751 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4738 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4735 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4734 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-36328 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | -- | Sep 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4623 | A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4622 | A use-after-free vulnerability in the Linux kernel\'s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer\'s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4208 | A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4921 | A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. | -- | Sep 12, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
