The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | -- | Jul 4, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | -- | Jul 4, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2288 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\'s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | MEDIUM | Jul 2, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2287 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | MEDIUM | Jul 1, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-32091 | MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | HIGH | Jul 1, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-32084 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | MEDIUM | Jul 1, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2264 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-34835 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md function. | HIGH | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2058 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2057 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2056 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-32208 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | MEDIUM | Jun 28, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-32206 | curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | MEDIUM | Jun 28, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 26, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-33070 | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-33068 | An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 23, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2153 | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | -- | Jun 23, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2068 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | HIGH | Jun 21, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | -- | Jun 20, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2122 | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. | -- | Jun 20, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 19, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-21166 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Jun 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-21125 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Jun 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-21123 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Jun 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | MEDIUM | Jun 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | MEDIUM | Jun 18, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-1925 | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can\'t be triggered, however the matroskaparse element has no size checks. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1924 | DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1923 | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1922 | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1921 | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1920 | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | -- | Jun 17, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-21127 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Jun 16, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | MEDIUM | Jun 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-32981 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-31813 | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | HIGH | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-31030 | containerd is an open source container runtime. A bug was found in the containerd\'s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd\'s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. | LOW | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
