Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2427 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-25012 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. -- Feb 2, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-0590 A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. -- Feb 1, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2022-25147 Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. -- Jan 31, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-24963 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. -- Jan 31, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-0240 There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. -- Jan 30, 2023 10.19.45.1 (Wind River Linux LTS 19)
CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. -- Jan 30, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0512 Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. -- Jan 30, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-48281 processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. -- Jan 30, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-4254 sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters -- Jan 30, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a -- argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. -- Jan 27, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2023-0394 A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. -- Jan 27, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-47024 A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339 that allows attackers to cause denial of service or other unspecified impacts. -- Jan 27, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2020-22452 SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. -- Jan 27, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-47929 In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. -- Jan 26, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-23521 Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. -- Jan 26, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-41903 Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`. -- Jan 25, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-37436 Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. -- Jan 25, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-36760 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. -- Jan 25, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2006-20001 A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. -- Jan 25, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-40704 A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. -- Jan 24, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2023-24056 In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. -- Jan 23, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0433 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. -- Jan 23, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-35977 Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Jan 23, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2023-0330 A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. -- Jan 18, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2022-46285 A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. -- Jan 18, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2022-44617 A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. -- Jan 18, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2022-4883 A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. -- Jan 18, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-0266 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e -- Jan 14, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. -- Jan 13, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0288 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. -- Jan 13, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-23455 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). -- Jan 12, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-4743 A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. -- Jan 12, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-31631 PDO::quote() may return unquoted string -- Jan 7, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2023-0054 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. -- Jan 4, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0051 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. -- Jan 4, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0049 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. -- Jan 4, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2023-0030 A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. -- Jan 3, 2023 10.19.45.1 (Wind River Linux LTS 19)
CVE-2022-3341 A null pointer dereference issue was discovered in 'FFmpeg' in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. -- Jan 3, 2023 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-47952 lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. -- Jan 2, 2023 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). -- Dec 25, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-47629 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. -- Dec 24, 2022 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-4662 An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. -- Dec 23, 2022 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-44940 Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. -- Dec 20, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-4603 A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. -- Dec 18, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-2196 A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a -- Dec 17, 2022 10.19.45.28 (Wind River Linux LTS 19)
CVE-2022-46344 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. -- Dec 16, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-46343 A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. -- Dec 16, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-46342 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se -- Dec 16, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-46341 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. -- Dec 16, 2022 10.19.45.27 (Wind River Linux LTS 19)
CVE-2022-46340 A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. -- Dec 16, 2022 10.19.45.27 (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.