The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | -- | Dec 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3111 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | -- | Dec 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | -- | Dec 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3108 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | -- | Dec 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3107 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | -- | Dec 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3105 | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | -- | Dec 16, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-4378 | A stack overflow flaw was found in the Linux kernel\'s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Dec 10, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-43515 | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. | -- | Dec 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-41861 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. | -- | Dec 8, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-41860 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. | -- | Dec 8, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-23491 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from TrustCor from the root store. These are in the process of being removed from Mozilla\'s trust store. TrustCor\'s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor\'s ownership also operated a business that produced spyware. Conclusions of Mozilla\'s investigation can be found in the linked google group discussion. | -- | Dec 8, 2022 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2022-23471 | containerd is an open source container runtime. A bug was found in containerd\'s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user\'s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd\'s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. | LOW | Dec 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-20566 | In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel | -- | Dec 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-20565 | HID: core: Correctly handle ReportSize being zero | -- | Dec 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | -- | Dec 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-4293 | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | -- | Dec 6, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | -- | Dec 6, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3491 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | -- | Dec 3, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | -- | Dec 2, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3520 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | -- | Dec 2, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | -- | Nov 27, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-45919 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | -- | Nov 27, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-45887 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | -- | Nov 25, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-45886 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | -- | Nov 25, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-45885 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | -- | Nov 25, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-45884 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | -- | Nov 25, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-4141 | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | -- | Nov 25, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-36227 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution. | LOW | Nov 24, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-4129 | A flaw was found in the Linux kernel\'s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | -- | Nov 24, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | -- | Nov 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-4095 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | -- | Nov 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2009-1143 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | -- | Nov 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2009-1142 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. | -- | Nov 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\'s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\'s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | -- | Nov 18, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3970 | A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | -- | Nov 17, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3775 | When rendering certain unicode sequences, grub2\'s font code doesn\'t proper validate if the informed glyph\'s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\'s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | -- | Nov 17, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2601 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | -- | Nov 17, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug. | -- | Nov 16, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | LOW | Nov 9, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | -- | Nov 9, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-44793 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | -- | Nov 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-44792 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | -- | Nov 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-42896 | There are use-after-free vulnerabilities in the Linux kernel\'s net/bluetooth/l2cap_core.c\'s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.??A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit?? https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url | -- | Nov 7, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-42895 | There is an infoleak vulnerability in the Linux kernel\'s net/bluetooth/l2cap_core.c\'s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit?? https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url | -- | Nov 7, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-39377 | sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | -- | Nov 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-40284 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | -- | Nov 6, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | -- | Nov 5, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | -- | Nov 4, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3707 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | -- | Nov 1, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-3628 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | -- | Oct 31, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
