The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-36369 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | -- | Oct 14, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-42703 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | -- | Oct 9, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3424 | A use-after-free flaw was found in the Linux kernel???s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | -- | Oct 9, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | -- | Oct 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | -- | Oct 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | -- | Oct 8, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | LOW | Oct 8, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\'s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | -- | Oct 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-31628 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. | -- | Oct 7, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-2929 | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | -- | Oct 7, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2928 | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\'s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | -- | Oct 7, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-41850 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | -- | Oct 4, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-41849 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | -- | Oct 4, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3352 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | -- | Sep 30, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3324 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | -- | Sep 29, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3303 | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition | -- | Sep 29, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-38178 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | -- | Sep 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-38177 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | -- | Sep 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3297 | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | -- | Sep 25, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3296 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | -- | Sep 25, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request\'s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | -- | Sep 25, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\'s performance, effectively denying legitimate clients access to the DNS resolution service. | -- | Sep 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-41218 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | -- | Sep 24, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-40716 | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. | -- | Sep 23, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
CVE-2022-3278 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | -- | Sep 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | -- | Sep 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2021-3782 | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | -- | Sep 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-41222 | mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | -- | Sep 22, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-28321 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\'t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. | -- | Sep 22, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | -- | Sep 22, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3239 | A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Sep 21, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-40768 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | -- | Sep 18, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3235 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | -- | Sep 18, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3234 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | -- | Sep 17, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3176 | There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn\'t handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 | -- | Sep 17, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2977 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | -- | Sep 17, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | -- | Sep 16, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3202 | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | -- | Sep 16, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-36109 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `USER $USERNAME` Dockerfile instruction. Instead by calling `ENTRYPOINT [su, -, user]` the supplementary groups will be set up properly. | -- | Sep 10, 2022 | 10.19.45.30 (Wind River Linux LTS 19) |
CVE-2022-40307 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | -- | Sep 9, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-39842 | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. | -- | Sep 9, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-36280 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \'/dev/dri/renderD128 (or Dxxx)\'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | -- | Sep 9, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
CVE-2022-3169 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | -- | Sep 9, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-3134 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | -- | Sep 9, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | -- | Sep 9, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-3153 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. | -- | Sep 8, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | -- | Sep 4, 2022 | 10.19.45.31 (Wind River Linux LTS 19) |
CVE-2022-38725 | An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-3028 | A race condition was found in the Linux kernel\'s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |