The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-1215 | A format string vulnerability was found in libinput | HIGH | Apr 21, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-21427 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | MEDIUM | Apr 20, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | -- | Apr 20, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | MEDIUM | Apr 19, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1353 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | LOW | Apr 19, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-28893 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | HIGH | Apr 15, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1304 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | MEDIUM | Apr 15, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | HIGH | Apr 14, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-27458 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27456 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27452 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27449 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27448 | There is an Assertion failure in MariaDB Server v10.9 and below via \'node->pcur->rel_pos == BTR_PCUR_ON\' at /row/row0mysql.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27447 | MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27445 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27387 | MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27386 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27384 | An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27383 | MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27381 | An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27380 | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27379 | An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27378 | An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27377 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27376 | MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-24070 | Subversion\'s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. | MEDIUM | Apr 13, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \'copyfrom\' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \'copyfrom\' path of the original. This also reveals the fact that the node was copied. Only the \'copyfrom\' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. | LOW | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | HIGH | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-28347 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | HIGH | Apr 12, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1271 | An arbitrary file write vulnerability was found in GNU gzip\'s zgrep utility. When zgrep is applied on the attacker\'s chosen file name (for example, a crafted file name), this can overwrite an attacker\'s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | LOW | Apr 12, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2021-4209 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle\'s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | -- | Apr 12, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1158 | A flaw was found in KVM. When updating a guest\'s page table entry, vm_pgoff was improperly used as the offset to get the page\'s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | -- | Apr 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-26280 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | MEDIUM | Apr 5, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-28390 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-28389 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1205 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1204 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1198 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1195 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | LOW | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | -- | Apr 4, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | MEDIUM | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | MEDIUM | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-28356 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | MEDIUM | Apr 3, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1210 | A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | MEDIUM | Apr 3, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | MEDIUM | Apr 2, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-0934 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | -- | Apr 2, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
